About the roleConcept Plus is seeking a Cybersecurity Policy and RMF Analyst to provide Risk Management Support to identify shortfalls in the assessment and authorization process, track and manage Risk Assessments, assist in implementing a Risk Management strategy and tie together the business continuity of operations plan (COOP) and the IT COOP plans.
What you'll do- Adhere to the DoD cybersecurity policy requirements set forth in DoDI 8500.01, "Cybersecurity," and DoDI 8510.01, "Risk Management Framework (RMF) for DoD Information Technology (IT)" and their successors.
- Monitor identified risks and track response actions to ensure they support the customer Risk Management Strategy and are properly documented in a risk registry.
- Provide recommendations to business and IT leaders on best business practices followed in the industry to mitigate or remediate risks • Schedule, conduct, and track RMF validations for each IT Portfolio.
- Review of security controls, as part of a risk assessment, as needed to support an Authorization to Operate (ATO) of an investment.
- Review vulnerabilities and identify potential risks based on the type of vulnerability and the potential impact.
- Identify actions needed to protect information flows to ensure adherence to legal and regulatory standards.
- Coordinate the development of plans and procedures to ensure that business-critical services are recovered in the event of a digital risk event. • Facilitate and support the development of asset inventories, including digital assets in cloud. • Track all technology requests.
- Track open vulnerabilities and provide a status on each open risk for each IT Portfolio / Investment. Ensure POAMs are current and reflects all known weaknesses.
- Stay up-to-date with the latest Azure and FedRAMP regulatory changes and industry trends, advising teams on potential impacts and necessary adjustments.
Required Qualifications- US Citizenship
- Active DoD Secret Clearance (or able to obtain
- Bachelor's Degree in an IT related field
- Meet DoD 8570/8140 Information Assurance Technician (IAT) Level II or Higher (Sec+ CE or Higher)
- 1+ Years Experience with the Risk Management Framework Process
- 1+ Years Experience operating the Enterprise Mission Assurance Support Service Application (eMASS)
Preferred Qualifications- Experience in performing IT audits, security planning and policy development
- An understanding of related information technology (e.g. firewalls, VPN, virtualization, identity management systems etc.)
- Knowledge of domain structure, user authentication, data encryption, access audits and end-use security best practices
- CompTIA CySA+, CEH and/or CompTIA Pen Test+ Certifications a plus
